From 993c7691ecf721d807a1ca38048877e7b9c54d8e Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Fri, 5 Sep 2014 16:30:27 +0100 Subject: [PATCH] Fix recommended authentication configuration to match samples --- spring-boot-docs/src/main/asciidoc/howto.adoc | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/spring-boot-docs/src/main/asciidoc/howto.adoc b/spring-boot-docs/src/main/asciidoc/howto.adoc index 5b375812a8..afcf5d7fd6 100644 --- a/spring-boot-docs/src/main/asciidoc/howto.adoc +++ b/spring-boot-docs/src/main/asciidoc/howto.adoc @@ -1369,16 +1369,17 @@ http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#jc Spring Security also provides a convenient `AuthenticationManagerBuilder` which can be used to build an `AuthenticationManager` with common options. The recommended way to -use this in a webapp is to inject it into a void method in a +use this in a webapp is to inject it into a callback method in a `WebSecurityConfigurerAdapter`, e.g. [source,java,indent=0,subs="verbatim,quotes,attributes"] ---- @Configuration + @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + @Override + public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("barry").password("password").roles("USER"); // ... etc. } @@ -1393,6 +1394,22 @@ You will get the best results if you put this in a nested class, or a standalone order of instantiation). The {github-code}/spring-boot-samples/spring-boot-sample-web-secure[secure web sample] is a useful template to follow. +If you experience instantiation issues (e.g. using JDBC or JPA for the +user detail store) it might be worth extracting the +`AuthenticationManagerBuilder` callback into a +`GlobalAuthenticationConfigurerAdapter` (in the `init()` method so it +happens before the authentication manager is needed elsewhere), e.g. + +``` +@Configuration +public class AuthenticationManagerConfiguration extends + GlobalAuthenticationConfigurerAdapter { + @Override + public void init(AuthenticationManagerBuilder auth) { + auth.inMemoryAuthentication() // ... etc. + } +} +``` [[howto-enable-https]]